Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting data between devices. In one example, a destination device receives a policy profile that includes an origination key and a destination key, and the origination key corresponds to a public transfer key of a source device. The destination device verifies the policy profile based on the destination key corresponding to a public transfer key of the source device. The destination device receives a signed encrypted data encryption key from the source device. The destination device receives encrypted data from the source device. The destination device verifies the signed encrypted data encryption key originated from the source device based on the signed encrypted data key being signed with a private attestation identity key that corresponds to a public attestation identity key of the source device. The destination device decrypts encrypted data using a private transfer key of the destination device.

Abstract: A transaction is conducted between a merchant site and a customer's electronic device using a payment processor. The merchant site is associated with a client-side application and a server-side application. The client-side application executes on the customer's electronic device. The client-side application electronically sends payment information retrieved from the customer's electronic device to the payment processor. The client-side application does not send the payment information to the server-side application. The payment processor creates a token from the payment information sent by the client-side application. The token functions as a proxy for the payment information. The payment processor electronically sends the token to the client-side application. The client-side application electronically sends the token to the server-side application for use by the server-side application in conducting the transaction.

Abstract: The present disclosure relates generally to systems and methods for content authentication. A method can include receiving from a sender system transmitted content (C) and appended content, the appended content including a digital signature associated with the content (C) and a hash tree (“SHT”) associated with the content (C), generating with a signature engine a hash tree (“RHT”) from the content (C), cryptographically verifying the received digital signature to generate a resultant hash value, comparing the resultant hash value to the second hash value of the second root node, determining that the second hash value of the second root node does not match the resultant hash value, identifying a potentially corrupted portion of content (C) via comparison of at least some of the plurality of first nodes of SHT to corresponding second nodes of RHT, and indicating that the digital signature could not be verified.

Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting data between devices. In one example, a destination device receives a policy profile that includes an origination key and a destination key, and the origination key corresponds to a public transfer key of a source device. The destination device verifies the policy profile based on the destination key corresponding to a public transfer key of the source device. The destination device receives a signed encrypted data encryption key from the source device. The destination device receives encrypted data from the source device. The destination device verifies the signed encrypted data encryption key originated from the source device based on the signed encrypted data key being signed with a private attestation identity key that corresponds to a public attestation identity key of the source device. The destination device decrypts encrypted data using a private transfer key of the destination device.

Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting sensitive data between devices. In one example, an origination device receives and verifies, in a secure environment, a policy profile that includes an origination key of the origination device and a destination key of a destination device. The origination device generates and seals a data encryption key based on a characteristic of the secure environment. The origination device then encrypts the data encryption key with a public key of the destination device to form an encrypted data encryption key. The origination device then signs the encrypted data encryption key with a private attestation identity key of the origination device. The origination device encrypts the sensitive data with the sealed data encryption key to form encrypted data, and then transmits the signed encrypted data encryption key and the encrypted data to the destination device for subsequent decryption of the encrypted data.

Abstract: The present disclosure relates generally to systems and methods for content authentication. A method can include receiving from a sender system transmitted content (C) and appended content, the appended content including a digital signature associated with the content (C) and a hash tree (“SHT”) associated with the content (C), generating with a signature engine a hash tree (“RHT”) from the content (C), cryptographically verifying the received digital signature to generate a resultant hash value, comparing the resultant hash value to the second hash value of the second root node, determining that the second hash value of the second root node does not match the resultant hash value, identifying a potentially corrupted portion of content (C) via comparison of at least some of the plurality of first nodes of SHT to corresponding second nodes of RHT, and indicating that the digital signature could not be verified.

Abstract: Techniques are disclosed for enabling attested end-to-end encryption for transporting sensitive data between devices. In one example, an origination device receives and verifies, in a secure environment, a policy profile that includes an origination key of the origination device and a destination key of a destination device. The origination device generates and seals a data encryption key based on a characteristic of the secure environment. The origination device then encrypts the data encryption key with a public key of the destination device to form an encrypted data encryption key. The origination device then signs the encrypted data encryption key with a private attestation identity key of the origination device. The origination device encrypts the sensitive data with the sealed data encryption key to form encrypted data, and then transmits the signed encrypted data encryption key and the encrypted data to the destination device for subsequent decryption of the encrypted data.

Abstract: A transaction is conducted between a merchant site and a customer's electronic device using a payment processor. The merchant site is associated with a client-side application and a server-side application. The client-side application executes on the customer's electronic device. The client-side application electronically sends payment information retrieved from the customer's electronic device to the payment processor. The client-side application does not send the payment information to the server-side application. The payment processor creates a token from the payment information sent by the client-side application. The token functions as a proxy for the payment information. The payment processor electronically sends the token to the client-side application. The client-side application electronically sends the token to the server-side application for use by the server-side application in conducting the transaction.

Abstract: A transaction is conducted between a merchant site and a customer's electronic device using a payment processor. The merchant site is associated with a client-side application and a server-side application. The client-side application executes on the customer's electronic device. The client-side application electronically sends payment information retrieved from the customer's electronic device to the payment processor. The client-side application does not send the payment information to the server-side application. The payment processor creates a token from the payment information sent by the client-side application. The token functions as a proxy for the payment information. The payment processor electronically sends the token to the client-side application. The client-side application electronically sends the token to the server-side application for use by the server-side application in conducting the transaction.

Abstract: A transaction is conducted between a merchant site and a customer's electronic device using a payment processor. The merchant site is associated with a client-side application and a server-side application. The client-side application executes on the customer's electronic device. The client-side application electronically sends payment information retrieved from the customer's electronic device to the payment processor. The client-side application does not send the payment information to the server-side application. The payment processor creates a token from the payment information sent by the client-side application. The token functions as a proxy for the payment information. The payment processor electronically sends the token to the client-side application. The client-side application electronically sends the token to the server-side application for use by the server-side application in conducting the transaction.